The Access Group

Elemental - Social Prescribing Software

Elemental, an award-winning Social Prescribing platform, helps organisations to demonstrate real value and impact from their community investment activity.

Elemental offers a range of digital social prescribing solutions designed to support self-care and independence for patients/citizens, making it easier to make, manage, track and measure the impact of community investment.


  • Two-way integration with GP software systems (EMIS, SystmOne & Vision)
  • Integration with Mental Health ERP Software Rio by Servelec
  • Integration with ERP Care Case Management Software Rio by Servelec
  • Inbuilt Directory of Services and API integrating with other Directories.
  • Fully flexible referral pathway to suit your Social Prescribing Programme
  • Case Management System for Referral Handler (Social Prescribing Link Workers)
  • Analytics Module (Reports, Dashboards & Data Export)
  • Attendance Tracker (for Patients/Citizens when attending community activities)
  • Monitoring Tools (to include PAM, ONS4, MyCaw)
  • Fully responsive to accommodate a range of screen sizes.


  • Frees Clinicians time by sending direct referral to local SP-Hubs
  • Helping Patients/Citizens better understand health risks using validated monitoring tools
  • Measure health and wellbeing of Patients/Citizens and impact over time.
  • Generate bookings with providers using a Patients/Citizen personal calendar
  • Connect patient health risks to specific interventions in their community
  • Facilitate, track and measure attendance rates
  • Cross reference health journeys against specific and cohort health risks
  • Provide analytics to justify commissioning
  • Improve staff efficiency


£4,000 a licence a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

3 9 2 0 6 5 3 5 8 9 7 7 7 6 4


The Access Group Natalie Giles-Grant
Telephone: 01206322575

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
-EMIS (Social Prescription Connector within EMIS Web)
-SystmOne (Social Prescription Connector within SystmOne)
-Vision (Social Prescription Connector within Vision)
-Rio (Social Prescription Connector within Rio)
-Mosaic (Social Prescription Connector within Mosaic)
- Insignia Health (Patient Activation Measure (PAM) Within Flourish System)
Cloud deployment model
Public cloud
Service constraints
No, the system is compatible with all modern browsers (that is supported by the vendor), although Chrome is recommended. There are no additional plug-in requirements.
System requirements
Requires a modern browser (that is supported by your vendor)

User support

Email or online ticketing support
Email or online ticketing
Support response times
Within 2 hours during normal working hours (9am-5pm Monday - Friday).
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
We have developed a range of support plans for our customers;

1 ) Our online Knowledge base and Community service plans are available to all our clients. We have made significant investment in our client support tools.
2) Our Customer Success portal provides around the clock access to log incidents, browse articles and videos to find solutions.
3) Our Support teams are available Monday -Friday 9am-5pm (or 8am-6pm on Standard/Premium) On these plans P1 cases are responded to in 1 hour.

Please refer to for further details
Support available to third parties

Onboarding and offboarding

Getting started
We provide a blended learning environment which is delivered through a combination of;
- Online training webinars
- Facilitated E-learning training
- Face to Face training workshops
- Online support via our integrated customer support platform Zendesk
- Email support
- Telephone support.

Users will have access to our state of the art Online Learning Academy (OLA) and our dedicated training team to ensure users are comfortable and confident in utilising the platform in relation to their user roles.

There are 4 types of user training:

-Referral Agent: 1 hour recorded tutorial and cheat sheets.
-Referral Handler: 4 hours Self Learning + 5 Hours Online Live Facilitated Learning.
-Super User: 2 hours recorded tutorial and cheat sheets. Online Live Facilitated Workshop also available.
-Community Provider: 1 hour recorded tutorial and cheat sheets.

Users can access the OLA for helpful resources such as videos, cheat sheets and recorded tutorials. Access to the OLA is available 24/7.

In addition we carry out community development tasks that engage the community in which the social prescribing platform will be used. This includes; - Mapping of community assets - Stakeholder community engagement workshops. This allows us to define a shared vision with partners and stakeholders.
Service documentation
Documentation formats
End-of-contract data extraction
At the end of a contract period the user will email us and their data will be compiled and sent to them in an encrypted CSV file.
End-of-contract process
At the end of the contract process, all data will be provided to the client in the form of an encrypted CSV file. This is included in the cost of the annual software license fee.

Any requests to transfer the data in a different format will be considered but there may be an additional cost associated with this.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Yes, the platform layout is responsive and will adapt to display on a range of mobile and desktop screens.
Service interface
User support accessibility
None or don’t know
Description of service interface
Elemental’s award-winning platform is easy to use, cloud-based, and responsive that;
-Measures the uptake and impact of social prescribing
-Tracks user journeys
-Measures the impact on the person, the community and the health and social care system
-Delivers on national/ regional and local community health strategies

Elemental’s platform has several USPs. The most significant is that its a fully integrated 5-way system, linking;
1-Referral Agents (Typically health and social care professionals, other examples include Housing, Fire Service, Police Service, etc)
2-Referral Handlers (Typically Social Prescribing staff)
3-Local providers of Social Prescribing interventions (Typically VCSE organisations)
Accessibility standards
None or don’t know
Description of accessibility
Elemental's service interface is available in the following ways to all users (as mentioned in above question), using an individual username and password for users. Different access points include;
-Via a web-browser
-Via a dedicated self-refer kiosk
-Via a customer Website powered by Elemental on the back-end
-Via EMIS Partner API within EMISWeb
-Via Elemental's own API to a variety of partner platforms (i.e. directory of services)

Users are supported digitally with Elemental right across the
Accessibility testing
Initial pilots have been carried out in small focus groups to date.

To note that for each new customer we complete a robust users requirements in partnership with the customer and in that user requirements, possible support services (such as assistive technology needs) are identified and agreed with with the customer. Therefore this is very much done on a case by case basis, dependent on requirements.

Additionally after user requirements are signed off the customers can at any time request additional service support needs via their named Account Manager who will manage the support request on behalf of the customer.
What users can and can't do using the API
We currently have an API service.

It provides User management (Create, Read, Update, Delete) and search features for registered and authorised users of our system via a REST interface.
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
What can be customised?
The set up of the platform can be customised depending on:
- Who is making referrals. Referrals can be set to be received via the standalone platform or via several clinical systems/in house systems i.e. EMIS Web
- What they want to use the platform to capture. For example, the monitoring tools that the licensee wishes to use can be customised (Elemental has several commercial partnerships set up with companies like Insignia (PAM scores) Triangle (Outcomes star)).
- User functionality can be customised to ensure that the project pathways are managed and followed
- Reporting and KPIs can be customised per customer

How can users customise?
- Customisation is done within the hub management area of the platform for that particular licensee

Who can customise?
- Only those nominated as super users for that particular licensee hub can customise for the licensee


Independence of resources
Proactive monitoring of the platform is provided using Rollbar. Where a server or other component is deemed to be nearing the threshold requiring additional resource the issue is rectified.


Service usage metrics
Metrics types
We provide services metrics for our customers through a number of ways;

1) Via real time dashboards and reports within the Core Reports section of the Elemental Core platform as standard for all customers
2) Via an API (upon request) to for example in house IT/Analytics team to their assigned Commissioning Support Unit
3) Bespoke data export report (upon request)
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with CSA CCM v3.0
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
There are several ways in which a user can export their data;

1) Via the data export tool - This enables users to get a full data export of all their data associated to the licensee in CSV format. To note: This facility will only be available for nominated users that has been signed off on by the customers

2) Via exporting to within reports. Within the Elemental Core platform users have access to a suite of Core reports. A feature of these reports is the ability to export to export selected reporting data a CSV or excel
Data export formats
  • CSV
  • Other
Other data export formats
  • Excel
  • JSON (by request)
Data import formats
  • CSV
  • Other
Other data import formats
  • Excel
  • JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
In addition, all sensitive data transmitted within the Server’s VPC (Virtual Private Cloud) network is also encrypted. This is achieved by utilising field level encryption in any sensitive fields within the database.
Data protection within supplier network
Other protection within supplier network
All platform data is secured on AWS (London, UK). Access to server instances is via secure ssh sessions. All confidential data is encrypted.

Availability and resilience

Guaranteed availability
Availability will be 99.5% within hours of operation as per our standard SLA.
Approach to resilience
Available on request.
Outage reporting
Elemental utilises industry standard monitoring solutions which immediately alert our teams to a service outage. Contact with customers is made via telephone and/or email to inform them.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
We operate role profile based Access Control - based on least privilege access. This applies to all our services.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
Description of management access authentication
Access to servers is restricted using Public Key Authentication (a PEM certificate file securely stored).

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Centre for Assessment
ISO/IEC 27001 accreditation date
16th December 2021
What the ISO/IEC 27001 doesn’t cover
Nothing is excluded from the Standard.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
-Data Security & Protection compliant
-Cyber Essentials Plus
-ISO:27001 certified

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
All controls included within Annex A of the ISO27001:2013 standard. Statement Of Applicability (SOA) available on request.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
All processes and data are securely stored on AWS instances, and all confidential data is encrypted.
User access is over HTTP and is Username/Password protected. Multiple failed login attempts will lock users out of the system temporally to disrupt brute force attacks.

Multi-Factor Authentication has recently been released to existing and new customers.

Server logs are monitored and alarms set to flag suspicious activity.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
System logs, system load and response times are monitored for suspicious activity. Users can also contact us if they suspect something. If a compromise is suspected all senior staff are notified immediately. Senior engineers analyse the system.

Depending on the nature of the threat, we can blacklist the connection performing the attack temporarily close all incoming connections to protect the data.

All relevant parties are notified and report given as to what happened, and if any data was compromised. Our infrastructure response is within 2 hour in the SLA period 9am-5pm Monday–Friday.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
We operate a robust incident management process in line with ISO27001:2013 Staff are encouraged to report all incidents using a pre-defined process using a form available on our Company Collaborate site Incident reports will be provided following forensics and closure.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value



Access places specific emphasis on the health and wellbeing of its staff and provides a “Well-being” hub in workspace that provides support for Mental Health, Finances, Social, Physical, Emotional and purpose. Assistance from Health Assured is available for all staff and there are training resources for “working in the new normal” and “Mental health and wellbeing” . Access also has “well-being” champions throughout the organisation. This is supported by monthly employee “check in” surveys and offers of flexible working for staff to meet caring commitments.


£4,000 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.